diff --git a/pkg/service/submissions.go b/pkg/service/submissions.go
index 637fc7f..0ae7eeb 100644
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@@ -406,9 +406,16 @@ func (svc *Service) ActionSubmissionTriggerUpload(ctx context.Context, params ap
 		return ErrPermissionDeniedNeedSubmissionUpload
 	}
 
+	// track who is performing the upload action
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
 	// transaction
 	smap := datastore.Optional()
 	smap.Add("status_id", model.StatusUploading)
+	smap.Add("uploaded_by", userId)
 	submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.Status{model.StatusValidated}, smap)
 	if err != nil {
 		return err
@@ -513,18 +520,20 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 		return err
 	}
 
-	has_role, err = userInfo.IsSubmitter(uint64(submission.Submitter))
+	// track who is performing the accept action
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
 	// check if caller is NOT the submitter
-	if has_role {
+	if userId == uint64(submission.Submitter) {
 		return ErrAcceptOwnSubmission
 	}
 
 	// transaction
 	smap := datastore.Optional()
 	smap.Add("status_id", model.StatusValidating)
+	smap.Add("accepted_by", userId)
 	submission, err = svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.Status{model.StatusSubmitted}, smap)
 	if err != nil {
 		return err